A friend of mine asked me that question and I`m not sure. Suppose we have a network of linux machines most with X servers running. Can root remotely capture the X server content of these machines somehow? Or maybe he can run a script that will save X data to a file and then re-create what windows were opened and what was on the monitor? Is that easy? If so is there any way to prevent X server spying?

Can root remotely capture the X server content of these machines somehow?

The short answer is yes, but not quite that easy. Root on one machine will not be root on the other machine without permission. In order to access a remote X session you need to have the Xserver port open, and if a firewall is running allowing access as well.

Quote

Or maybe he can run a script that will save X data to a file and then recreate what windows were opened and what was on the monitor?

Again you can do this, however it will take a little work to accomplish that. First you would need to background the xserver under root and then you can log everything that happened. Of course the logswould become large quickly.

Quote

Is that easy?

The concept is easy, implementing it is not. First remote exploiting would create a problem if the usersfollow easy and safe web browsing principles. If there is physical access then all bets are off. Anyone can own that machine.

Quote

If so is there any way to prevent X server spying

To prevent this attack would be to have a firewall in place, second watch your logs (mutt point for a good attacker since it is the first place to fix) and also monitor those that have accessed your machine ( again mutt for a good attacksince wtmp is the second thing to fix) also you can monitor your files and see if any file is strange bad timestamps and such.

To prevent this attack would be to have a firewall in place, second watch your logs

Thanks for the answer. What I meant was more about what if a network admin (at someone`s work for example) is a nosy peeping guy and wants to monitor what people are doing instead of working Anyway I see that there is no easy solution for this or tool that can be downloaded from sourceforge.net and just installed.

What I meant was more about what if a network admin (at someone`s work for example) is a nosy peeping guy and wants to monitor what people are doing instead of working

If the administrator is monitoring your actions then he is working. An administrator should nevertake the job lightly since anything that goes wrong is their fault.

The question that you have asked. If I am the administrator with all the passwords then it is trivial to setup the monitoring your asking about. You can almost bet the bank that any internet connection has some type of logging. That goes in hand with understanding theattacks against the network are.

There are admins that abuse their power ( I am the powerful Oz) and then unrealistic users (I should be able to do anything that I want) neither is a good thing. A balance and open communication is important, since both groups need each other.

A friend of mine asked me that question and I`m not sure. Suppose we have a network of linux machines most with X servers running. Can root remotely capture the X server content of these machines somehow? Or maybe he can run a script that will save X data to a file and then re-create what windows were opened and what was on the monitor? Is that easy? If so is there any way to prevent X server spying?

There is NetOp, which runs on Linux and fits that description to a T. I can't testify to its reliability, however, because I usually turn it off in WinDOS when I'm in class in the Services configuration...